Still Problems with AV-Services getting killed by apt method #5

Discussion in 'ProcessGuard' started by Storm, Dec 2, 2003.

Thread Status:
Not open for further replies.
  1. Storm

    Storm Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    46
    Hi there!
    (Hi Pilli, this time the correct forum ;) )

    Okay... I'm still having trouble with PG not protecting my AV-Services
    (AVKService.exe and AVKWCtl.exe/GDATA Antivirenkit 2004)

    I tried the things Pilli mentioned here:
    After adding AVK-Stuff, I closed and restarted PG...
    And I rebooted... and tried in different combinations...

    But no chance... Method #5 (Debug Active Process) still kills the AV Services... PG logs the access but seems to do nothing to stop it!
    :doubt:
    Logfile:

    [20:30:44] [P] - d:\dcs\apt\apt.exe [432] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on d:\antivirenkit 2004\avkwctl.exe [676]
    [20:30:54] [P] - d:\dcs\apt\apt.exe [1608] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on d:\antivirenkit 2004\avkservice.exe [660]


    Hope you have some more ideas o_O
    Storm
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Storm, At one time when we were beta testing we had a similar problem but after doing the fixes you tried and leaving pg alone for quite few minutes then trying again it worked, not sure if it is a timing thing or not. Having said that I know Jason will look very carefully before replying as he does like to nail the nits :)
    Just one more thing, I assume you do have both General Protection option enabled?
     
  3. Storm

    Storm Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    46
    Yes... both general options are enabled
    (see attached Screenshot)

    Storm
     

    Attached Files:

  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Anyway one of the things that Jason and DCS are very aware of is the amount of undocumented call within MS, so there still may be some calls that are misiing, also the way that different apps use thes calls.
    I am sure Jason will reply tomorrow.
     
  5. Storm

    Storm Registered Member

    Joined:
    Nov 8, 2003
    Posts:
    46
    Yeah, I'm sure the guys will figure it out! :D

    Thanks anyway, Pilli!

    Greets

    Storm
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    OK Storm, Sorry I could do no more.
     
  7. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    This *may* be fixed in the next version. Ask the beta testers in a few hours. :)

    -Jason-
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I disabled all PG protection, closed PG & uninstalled PG prior to installing the beta

    The new beta appears to be more stable & so far I have had no problems.

    XP Pro, Both General options enabled but no CHM
    KAV - Using APT K1 - K7 cannot be killed
    SMC.exe - K1 - K7 cannot be killed

    Server 2003, Both General options enabled & CHM on Outpost V2 only

    NOD32kui.exe - K7 cannot be killed
    NOD32krn.exe - K7 cannot be killed
    Outpost.exe - K7 cannot be killed

    Will continue with more testing ... :)
     
Thread Status:
Not open for further replies.